[tor-commits] [torspec/master] tor-spec: Document DoS mitigation consensus param

nickm at torproject.org nickm at torproject.org
Sat Mar 3 16:55:38 UTC 2018


commit ed14d85d57cdcf0742040a57e9f0a75f69567482
Author: David Goulet <dgoulet at torproject.org>
Date:   Tue Feb 13 09:44:07 2018 -0500

    tor-spec: Document DoS mitigation consensus param
    
    Closes #25095
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 dir-spec.txt | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/dir-spec.txt b/dir-spec.txt
index ece2991..bcfa62c 100644
--- a/dir-spec.txt
+++ b/dir-spec.txt
@@ -1995,6 +1995,47 @@
         Min 1. Max 10. Default 2.
         First-appeared: 0.3.3.0-alpha.
 
+        Denial of Service mitigation parameters. Introduced in 0.3.3.2-alpha:
+
+         "DoSCircuitCreationEnabled" -- Enable the circuit creation DoS
+         mitigation.
+
+         "DoSCircuitCreationMinConnections" -- Minimum threshold of concurrent
+         connections before a client address can be flagged as executing a
+         circuit creation DoS
+
+         "DoSCircuitCreationRate" -- Allowed circuit creation rate per second
+         per client IP address once the minimum concurrent connection
+         threshold is reached.
+
+         "DoSCircuitCreationBurst" -- The allowed circuit creation burst per
+         client IP address once the minimum concurrent connection threshold is
+         reached.
+
+         "DoSCircuitCreationDefenseType" -- Defense type applied to a detected
+         client address for the circuit creation mitigation.
+
+            1: No defense.
+            2: Refuse circuit creation for the
+               DoSCircuitCreationDefenseTimePeriod period.
+
+         "DoSCircuitCreationDefenseTimePeriod" -- The base time period that
+         the DoS defense is activated for.
+
+         "DoSConnectionEnabled" -- Enable the connection DoS mitigation.
+
+         "DoSConnectionMaxConcurrentCount" -- The maximum threshold of
+         concurrent connection from a client IP address.
+
+         "DoSConnectionDefenseType" -- Defense type applied to a detected
+         client address for the connection mitigation. Possible values are:
+
+            1: No defense.
+            2: Immediately close new connections.
+
+         "DoSRefuseSingleHopClientRendezvous" -- Refuse establishment of
+         rendezvous points for single hop clients.
+
     "shared-rand-previous-value" SP NumReveals SP Value NL
 
         [At most once]
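
Review bot: None of the new "DoS*" entries gives a value range or a default, unlike the entry directly above them in the context lines ("Min 1. Max 10. Default 2."), so a reader of dir-spec.txt cannot tell what a relay should assume when a parameter is absent from the consensus or set out of range. Consider adding Min/Max/Default to each entry, saying which values "DoSCircuitCreationEnabled", "DoSConnectionEnabled" and "DoSRefuseSingleHopClientRendezvous" accept, and stating the unit for "DoSCircuitCreationDefenseTimePeriod", which currently says only "base time period". Smaller points: the "DoSCircuitCreationMinConnections" description is missing its final period, "DoSCircuitCreationDefenseType" lists its values without the "Possible values are:" lead-in that "DoSConnectionDefenseType" uses, and "concurrent connection" under "DoSConnectionMaxConcurrentCount" should be plural.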




